================================================================= */ \r
package org.apache.poi.poifs.crypt;\r
\r
-import static org.junit.Assert.assertEquals;\r
-import static org.junit.Assert.assertFalse;\r
-import static org.junit.Assert.assertNotNull;\r
-import static org.junit.Assert.assertTrue;\r
+import static org.junit.Assert.*;\r
\r
import java.io.File;\r
import java.io.FileInputStream;\r
import java.io.IOException;\r
import java.io.InputStream;\r
import java.lang.reflect.Method;\r
-import java.net.MalformedURLException;\r
+import java.net.ConnectException;\r
import java.net.URL;\r
import java.net.URLClassLoader;\r
import java.security.Key;\r
\r
\r
@BeforeClass\r
- public static void initBouncy() throws MalformedURLException {\r
+ public static void initBouncy() throws IOException {\r
File bcProvJar = new File("lib/bcprov-ext-jdk15on-1.51.jar");\r
File bcPkixJar = new File("lib/bcpkix-jdk15on-151.jar");\r
ClassLoader cl = Thread.currentThread().getContextClassLoader();\r
URLClassLoader ucl = new URLClassLoader(new URL[]{bcProvJar.toURI().toURL(),bcPkixJar.toURI().toURL()}, cl);\r
- Thread.currentThread().setContextClassLoader(ucl);\r
- CryptoFunctions.registerBouncyCastle();\r
-\r
- /*** TODO : set cal to now ... only set to fixed date for debugging ... */ \r
- cal = Calendar.getInstance();\r
- cal.clear();\r
- cal.setTimeZone(TimeZone.getTimeZone("UTC"));\r
- cal.set(2014, 7, 6, 21, 42, 12);\r
+ try {\r
+ Thread.currentThread().setContextClassLoader(ucl);\r
+ CryptoFunctions.registerBouncyCastle();\r
+ \r
+ /*** TODO : set cal to now ... only set to fixed date for debugging ... */ \r
+ cal = Calendar.getInstance();\r
+ cal.clear();\r
+ cal.setTimeZone(TimeZone.getTimeZone("UTC"));\r
+ cal.set(2014, 7, 6, 21, 42, 12);\r
+ } finally {\r
+ ucl.close();\r
+ }\r
}\r
\r
@Test\r
\r
for (String testFile : testFiles) {\r
OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ);\r
+ try {\r
+ SignatureConfig sic = new SignatureConfig();\r
+ sic.setOpcPackage(pkg);\r
+ SignatureInfo si = new SignatureInfo();\r
+ si.setSignatureConfig(sic);\r
+ List<X509Certificate> result = new ArrayList<X509Certificate>();\r
+ for (SignaturePart sp : si.getSignatureParts()) {\r
+ if (sp.validate()) {\r
+ result.add(sp.getSigner());\r
+ }\r
+ }\r
+ \r
+ assertNotNull(result);\r
+ assertEquals("test-file: "+testFile, 1, result.size());\r
+ X509Certificate signer = result.get(0);\r
+ LOG.log(POILogger.DEBUG, "signer: " + signer.getSubjectX500Principal());\r
+ \r
+ boolean b = si.verifySignature();\r
+ assertTrue("test-file: "+testFile, b);\r
+ pkg.revert();\r
+ } finally {\r
+ pkg.close();\r
+ }\r
+ }\r
+ }\r
+\r
+ @Test\r
+ public void getMultiSigners() throws Exception {\r
+ String testFile = "hello-world-signed-twice.docx";\r
+ OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ);\r
+ try {\r
SignatureConfig sic = new SignatureConfig();\r
sic.setOpcPackage(pkg);\r
SignatureInfo si = new SignatureInfo();\r
result.add(sp.getSigner());\r
}\r
}\r
-\r
+ \r
assertNotNull(result);\r
- assertEquals("test-file: "+testFile, 1, result.size());\r
- X509Certificate signer = result.get(0);\r
- LOG.log(POILogger.DEBUG, "signer: " + signer.getSubjectX500Principal());\r
-\r
+ assertEquals("test-file: "+testFile, 2, result.size());\r
+ X509Certificate signer1 = result.get(0);\r
+ X509Certificate signer2 = result.get(1);\r
+ LOG.log(POILogger.DEBUG, "signer 1: " + signer1.getSubjectX500Principal());\r
+ LOG.log(POILogger.DEBUG, "signer 2: " + signer2.getSubjectX500Principal());\r
+ \r
boolean b = si.verifySignature();\r
assertTrue("test-file: "+testFile, b);\r
pkg.revert();\r
+ } finally {\r
+ pkg.close();\r
}\r
}\r
-\r
- @Test\r
- public void getMultiSigners() throws Exception {\r
- String testFile = "hello-world-signed-twice.docx";\r
- OPCPackage pkg = OPCPackage.open(testdata.getFile(testFile), PackageAccess.READ);\r
- SignatureConfig sic = new SignatureConfig();\r
- sic.setOpcPackage(pkg);\r
- SignatureInfo si = new SignatureInfo();\r
- si.setSignatureConfig(sic);\r
- List<X509Certificate> result = new ArrayList<X509Certificate>();\r
- for (SignaturePart sp : si.getSignatureParts()) {\r
- if (sp.validate()) {\r
- result.add(sp.getSigner());\r
- }\r
- }\r
-\r
- assertNotNull(result);\r
- assertEquals("test-file: "+testFile, 2, result.size());\r
- X509Certificate signer1 = result.get(0);\r
- X509Certificate signer2 = result.get(1);\r
- LOG.log(POILogger.DEBUG, "signer 1: " + signer1.getSubjectX500Principal());\r
- LOG.log(POILogger.DEBUG, "signer 2: " + signer2.getSubjectX500Principal());\r
-\r
- boolean b = si.verifySignature();\r
- assertTrue("test-file: "+testFile, b);\r
- pkg.revert();\r
- }\r
\r
@Test\r
public void testSignSpreadsheet() throws Exception {\r
public void testManipulation() throws Exception {\r
// sign & validate\r
String testFile = "hello-world-unsigned.xlsx";\r
+ @SuppressWarnings("resource") // closed via XSSFWorkbook.close() below ?!\r
OPCPackage pkg = OPCPackage.open(copy(testdata.getFile(testFile)), PackageAccess.READ_WRITE);\r
sign(pkg, "Test", "CN=Test", 1);\r
\r
\r
if (mockTsp) {\r
TimeStampService tspService = new TimeStampService(){\r
+ @Override\r
public byte[] timeStamp(byte[] data, RevocationData revocationData) throws Exception {\r
revocationData.addCRL(crl);\r
return "time-stamp-token".getBytes(); \r
}\r
- public void setSignatureConfig(SignatureConfig config) {}\r
+ @Override\r
+ public void setSignatureConfig(SignatureConfig config) {\r
+ // empty on purpose\r
+ }\r
};\r
signatureConfig.setTspService(tspService);\r
} else {\r
revocationData.addOCSP(ocspResp.getEncoded());\r
\r
RevocationDataService revocationDataService = new RevocationDataService(){\r
+ @Override\r
public RevocationData getRevocationData(List<X509Certificate> certificateChain) {\r
return revocationData;\r
}\r
// operate\r
SignatureInfo si = new SignatureInfo();\r
si.setSignatureConfig(signatureConfig);\r
- si.confirmSignature();\r
+ try {\r
+ si.confirmSignature();\r
+ } catch (RuntimeException e) {\r
+ // only allow a ConnectException because of timeout, we see this in Jenkins from time to time...\r
+ assertNotNull("Only allowing ConnectException here, but had: " + e, e.getCause());\r
+ assertTrue("Only allowing ConnectException here, but had: " + e, e.getCause() instanceof ConnectException);\r
+ assertTrue("Only allowing ConnectException here, but had: " + e, e.getCause().getMessage().contains("timed out"));\r
+ }\r
\r
// verify\r
Iterator<SignaturePart> spIter = si.getSignatureParts().iterator();\r